Ngrok is a genuine software and mainly used by developers to expose local web servers or any other TCP service to the internet. However, ngrok is now widely abused by threat actors and abused in multiple ways including persistence & data exfiltration purposes. ngrok exposes local services to the internet by wrapping TCP connections under… Continue reading
SharpSpray is a Windows domain password spraying tool written in .NET C#. SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and outside a domain context. Exclude domain disabled accounts from the spraying. Auto… Continue reading
Introduction SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user’s session. This project is a rewrite and expansion on @Matt_Grandy_ CIMplant & @christruncer WMImplant SharpStrike allows you to gather data about a remote system, execute commands, exfiltrate… Continue reading
Introduction ESS Notifier is a notable security event scanner & notifier for Splunk Enterprise Security. The purpose of this tool is to send/push notifications via Email/Slack/REST API whenever a new security notable event is triggered on Splunk ESS. This tool is ideally best used by Managed Service Providers (MSP) who provide SOC as a Service…. Continue reading
Introduction Password Spraying is a technique attackers leverage to guess the passwords of accounts by trying a small number of highly common passwords against a large number of accounts while also staying below an organization’s defined lockout threshold. This allows an attacker to compromise accounts without any elevated privileges and masking themselves from detection by… Continue reading
Introduction YARA rules are used at (but not limited to) by malware researchers to identify and classify malware samples. With YARA, you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression that… Continue reading